2 matches found
CVE-2010-0376
CVE-2010-0376 is an XSS vulnerability in JCE-Tech PHP Calendars, specifically in product_list.php where the cat parameter can be exploited to inject arbitrary HTML/Script. The issue is described as arising from a forced SQL error message related to CVE-2010-0375. Connected sources confirm the vul...
CVE-2009-3197
CVE-2009-3197 describes a cross-site scripting (XSS) vulnerability in the PHP Calendars Script by JCE-Tech, specifically in search.php. The flaw lets remote attackers inject arbitrary web script or HTML by supplying a crafted value to the search parameter. The NVD metrics indicate a MEDIUM-severi...